- fate#319989 - Update to Xen 4.7 RC6

xen-4.7.0-testing-src.tar.bz2 - Drop CVE-2014-3672-qemut-xsa180.patch via prjconf via prjconf - Update to the latest Xen 4.7 pre-release c2994f86 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=439
2016-06-16 17:54:29 +00:00 · 2016-06-16 17:54:29 +00:00 · 5a38fd93da
commit 5a38fd93da
parent bece3c5621
5 changed files with 16 additions and 98 deletions
--- a/CVE-2014-3672-qemut-xsa180.patch
+++ b/CVE-2014-3672-qemut-xsa180.patch
@ -1,87 +0,0 @@
-References: bsc#981264 CVE-2014-3672 XSA-180
-
-From 7490dab5c1a01b1623e9d87bdc653cb4f963dd8a Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Thu, 19 May 2016 19:38:35 +0100
-Subject: [PATCH] main loop: Big hammer to fix logfile disk DoS in Xen setups
-
-Each time round the main loop, we now fstat stderr.  If it is too big,
-we dup2 /dev/null onto it.  This is not a very pretty patch but it is
-very simple, easy to see that it's correct, and has a low risk of
-collateral damage.
-
-The limit is 1Mby by default but can be adjusted by setting a new
-environment variable.
-
-This fixes CVE-2014-3672.
-
-Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
-Tested-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
- vl.c |   46 ++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 46 insertions(+)
-
-Index: xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c
-===================================================================
--- xen-4.7.0-testing.orig/tools/qemu-xen-traditional-dir-remote/vl.c
-+++ xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c
-@@ -3752,6 +3752,50 @@ static void host_main_loop_wait(int *tim
- }
- #endif
- 
-+static void check_cve_2014_3672_xen(void)
-+{
-+    static unsigned long limit = ~0UL;
-+    const int fd = 2;
-+    struct stat stab;
-+
-+    if (limit == ~0UL) {
-+        const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
-+        /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */
-+        limit = s ? strtoul(s,0,0) : 1*1024*1024;
-+    }
-+    if (limit == 0)
-+        return;
-+
-+    int r = fstat(fd, &stab);
-+    if (r) {
-+        perror("fstat stderr (for CVE-2014-3672 check)");
-+        exit(-1);
-+    }
-+    if (!S_ISREG(stab.st_mode))
-+        return;
-+    if (stab.st_size <= limit)
-+        return;
-+
-+    /* oh dear */
-+    fprintf(stderr,"\r\n"
-+            "Closing stderr due to CVE-2014-3672 limit. "
-+            " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override,"
-+            " or 0 for no limit.\n");
-+    fflush(stderr);
-+
-+    int nfd = open("/dev/null", O_WRONLY);
-+    if (nfd < 0) {
-+        perror("open /dev/null (for CVE-2014-3672 check)");
-+        exit(-1);
-+    }
-+    r = dup2(nfd, fd);
-+    if (r != fd) {
-+        perror("dup2 /dev/null (for CVE-2014-3672 check)");
-+        exit(-1);
-+    }
-+    close(nfd);
-+}
-+
- void main_loop_wait(int timeout)
- {
-     IOHandlerRecord *ioh;
-@@ -3763,6 +3807,8 @@ void main_loop_wait(int timeout)
- 
-     host_main_loop_wait(&timeout);
- 
-+    check_cve_2014_3672_xen();
-+
-     /* poll any events */
-     /* XXX: separate device handlers from system ones */
-     nfds = -1;
--- a/qemu-xen-traditional-dir-remote.tar.bz2
+++ b/qemu-xen-traditional-dir-remote.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5b687988f256884ff76fa098b9e80b35f6b6a4fb1657b9a1b397cfb1cf803a81
-size 3237484
+oid sha256:3357c18510fe53a0218d2210f6a3ee59e754cc41b30e46a347e1ae3c00169781
+size 3237916
--- a/xen-4.7.0-testing-src.tar.bz2
+++ b/xen-4.7.0-testing-src.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d53bd33cf3e5fe1d7ac3145f6cc9a75829e1690fcc26ac9df113c212361dfcb7
-size 4465808
+oid sha256:ac48f728c4c206a22e118fed6dc42d1c0df42f0988ed6fc5d54dfb3a40489482
+size 4472862
--- a/xen.changes
+++ b/xen.changes
@ -1,10 +1,17 @@
+-------------------------------------------------------------------
+Thu Jun 16 11:48:33 MDT 2016 - carnold@suse.com
+
+- fate#319989 - Update to Xen 4.7 RC6
+  xen-4.7.0-testing-src.tar.bz2
+- Drop CVE-2014-3672-qemut-xsa180.patch
+
 -------------------------------------------------------------------
 Fri Jun 10 14:23:51 UTC 2016 - ohering@suse.de

 - Convert with_stubdom into build_conditional to allow adjusting
-  via prjconf (fate#320836)
+  via prjconf
 - Convert with_debug into build_conditional to allow adjusting
-  via prjconf (fate#320836)
+  via prjconf

 -------------------------------------------------------------------
 Fri Jun 10 13:36:32 UTC 2016 - ohering@suse.de
@ -129,7 +136,7 @@ Tue May  3 07:31:28 UTC 2016 - ohering@suse.de
 -------------------------------------------------------------------
 Fri Apr 29 16:50:33 MDT 2016 - carnold@suse.com

- Update to the latest Xen 4.7 pre-release c2994f86 (fate#319989)
+- Update to the latest Xen 4.7 pre-release c2994f86
  Drop libxl.migrate-legacy-stream-read.patch

 -------------------------------------------------------------------
--- a/xen.spec
+++ b/xen.spec
@ -233,9 +233,8 @@ Patch275:       CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.
 Patch276:       CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
 Patch277:       CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch
 Patch278:       CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
-Patch279:       CVE-2014-3672-qemut-xsa180.patch
-Patch280:       CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
-Patch281:       CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
+Patch279:       CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
+Patch280:       CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
 # qemu-traditional patches that are not upstream
 Patch350:       blktap.patch
 Patch351:       cdrom-removable.patch
@ -554,7 +553,6 @@ Authors:
 %patch278 -p1
 %patch279 -p1
 %patch280 -p1
-%patch281 -p1
 # Qemu traditional
 %patch350 -p1
 %patch351 -p1